MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6a68c59c9598701f2f569e3398da4e70bd4b6004cbf2a94a61ecd2decde6601b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 5



SHA256 hash: 6a68c59c9598701f2f569e3398da4e70bd4b6004cbf2a94a61ecd2decde6601b
SHA3-384 hash: 11f429deb3a798584cce1e3f3058e5f1e17a879af95a2dd3f40fa2eb8543dcba61348666b50eee75b97a4932c015eb30
SHA1 hash: 6ab27a312b5ec16cdaca232134bbb70c2bdd8742
MD5 hash: e5ed864cd4c81265341ebd6aefd4f88c
humanhash: echo-oscar-fix-speaker
File name: telnet.sh
Signature: Mirai
File size: 2'069 bytes
First seen: 2025-08-29 13:45:22 UTC
Last seen: 2025-08-29 15:30:10 UTC
File type: sh
MIME type: text/x-shellscript
ssdeep 48:ThL8QoKtwzcZmdNY9E5STHsbE5KrtlmBoVdg9URS:Thn4TI
TLSH T1FB41CCCCD3A09FD1C652CD50B4A2D7C4A3FD95CA6A91CBF1A48B1821A88D980BC7572E
Magika: shell
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 2
# of downloads: 32
Origin country: DE

Vendor Threat Intelligence
Verdict: Malicious
File Type: unix shell
First seen: 2025-08-29T14:22:00Z UTC
Last seen: 2025-08-29T14:22:00Z UTC
Hits: ~10
Threat name: Script-Shell.Downloader.Heuristic
Status: Malicious
First seen: 2025-08-29 13:45:58 UTC
File Type: Text (Shell)
AV detection: 9 of 36 (25.00%)
Threat level: 2/5
Result
Malware family: n/a
Score: 7/10
Tags: antivm credential_access defense_evasion discovery linux persistence
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Checks CPU configuration
Reads process memory
Enumerates running processes
Modifies init.d
File and Directory Permissions Modification
Deletes itself
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 6a68c59c9598701f2f569e3398da4e70bd4b6004cbf2a94a61ecd2decde6601b

(this sample)
